Senior Cyber Incident Responder

About The Position

Requirements

• Candidate must have a TS/SCI with ability to obtain a Polygraph
• Demonstrated experience serving in an incident response role, or similar, for a minimum of 4 years.
• Sufficient knowledge of complex enterprise cybersecurity systems and technologies with the ability to interpret network and web architecture documentation.
• Demonstrated experience providing briefings to an executive audience.
• Certified DoD 8140.01 and 8570.01-M Information Assurance Technical Officer (IAT) Level III
• Certified DoD 8140.01 and 8570.01-M CSSP Incident Responder
• Excellent verbal and writing skills with the ability to write clear and concise assessment reports.
• Good understanding of adversarial tactics and techniques as it applies to defensive cyber operations.
• Strong understanding of both network and host-based tactics.
• Good understanding of web application exploitation techniques.
• Strong understanding of the attack lifecycle.
• Good understanding of defense evasion techniques.
• Bachelor’s degree, or higher, in Computer Science, Cyber Security Engineering or IT-related discipline. With an additional 8 years of experience in the cybersecurity field. Additional years of experience may be substituted in lieu of degree.

Nice To Haves

• Demonstrated 6 or more years of experience supporting an IC or DoD agency with an understanding of Defensive Cyber Operations in cloud environments, including hybrid multi-cloud environments.
• Proficient in vendor agnostic cloud security concepts
• Strong understanding with the Intelligence Lifecycle and how it applies to Cyber Threat Intelligence reporting.

Responsibilities

• Coordinate and execute tasks, performing analysis, and building/documenting response activities required during cyber security incident response, to include but not limited to actions such as implementing containment measures, IP blocks, domain blocks, and disabling user accounts on direction of the Government.
• Coordinates with other stakeholders as appropriate to ensure incidents are properly reported, contained, and eradicated.
• Coordinates with other contracts, organizations, activities, and services to ensure NGA recovers from an incident/event.
• Builds timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both adversary activity and blue force response actions.
• Documents actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.
• Serve as C-IRT members as required and serve under the direct control of, and take direction from, the Government C-IRT Commander.
• Develops, documents, and provides to the Government incident investigation reports which include sufficient information to document the entire lifecycle of the incident and the response, including but not limited to adversary and friendly forces activity, host and network analysis, timelines, and recommendations for corrective actions, recommendations for new Tactics, Techniques, and Procedures (TTP) and other recommendations as appropriate, within 30 days of C-IRT stand-down;
• Conduct Quality Control reviews of tickets worked by more junior analysts to ensure proper analysis, categorization, documentation, and notification.

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
• We offer competitive compensation, benefits and learning and development opportunities.
• Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
• At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.